New Ransomware: Scam Two Friends to Unlock Your PC

John Lister's picture

A new form of ransomware offers victims the chance to escape the release fee by fooling two friends into paying up instead. A security expert likened it to a malware version of a pyramid scheme.

Traditionally ransomware involves malware getting onto a computer and then encrypting all files, with an on-screen message demanding the victim pay a fee to regain access. It's unknown what proportion of people pay up, but some big organizations such as hospitals and police forces are known to have paid the fee in the past, rather than lose sensitive data or access to control systems.

The new variant is dubbed Popcorn Time. It has no connection whatsoever to software of the same name that allows people to use the Bit Torrent file sharing system to easily view Hollywood movies without having any technical knowledge (or any desire to question the file's copyright status).

Bounty Encourages Shady Behavior

As with other ransomware, Popcorn Time has a release fee. In this case, it is one unit of the virtual currency Bitcoin, equivalent to around $778 at the time of writing. That's just a little over the average ransomware demand, a figure that has risen steeply this year. (Source:

The twist is that there's an alternative to paying up. The Popcorn Time instructions claim users can instead get a custom link that carries a reference code and, when clicked, will attempt to install the software.

Tactic Preys On Good Relationships

The idea is to pass on the link to other people such as friends, family or colleagues in the hope that they'll be more likely to click on it than a message from an unknown contact. According to the instructions, if two other people get infected by the malware through the custom links and go on to pay the fee, the original victim will get their files back free of charge. (Source:

There's no evidence yet of how many people have tried to take up this offer or if the scammers really do give out the reward for passing on the link. It's worth remembering of course that as well as being ethically horrific, spreading malware to try to gain the reward may well break local or national laws.

What's Your Opinion?

Setting aside the ethics, is this a clever tactic? Would you be tempted to spread the malware to avoid the cost? Are people who do so as bad as the original scammers?

Rate this article: 
Average: 5 (4 votes)


Dennis Faas's picture

Malware peddlers deserve nothing less than the death penalty. That said I sincerely hope no one is dumb enough to scam two friends into downloading the same ransomware onto their machines.

Once again I'd like to remind folks that to avoid scams like this, backup your files regularly and store them onto an external hard drive for safe keeping. If you need help with backups, I can assist by remote - simply contact me and I'll get back to you as soon as I can.

kcsmike_8394's picture

Do these ransomware encryption scams depend on encryption software already on my computer ? I rarely use encryption and was wondering if I disabled it by renaming the program that does encryption for example, would I be taking preventative measures against one of these attacks ?

Dennis Faas's picture

Ransomware works by encrypting data and files on the system as soon as malware is installed, so that you cannot access your files until you pay a ransom. There are also fake ransomware programs that claim your data is encrypted, but they don't actually encrypt the data - they still demand payment.

At any rate, the ransomware encryption has nothing to do with whether or not you have an encrypted drive already. Even if you did encrypt your drive with Windows Bitlocker (for example), it would simply encrypt what is already encrypted, still making your files inaccessible.